PatchSiren cyber security CVE debrief
CVE-2026-5482 Responsive FileManager CVE debrief
CVE-2026-5482 is a critical vulnerability in Responsive FileManager, a project that is currently unmaintained. The vulnerability allows an unauthenticated attacker to upload files of any type and extension without restriction using the dialog.php endpoint, leading to Remote Code Execution (RCE). This vulnerability was found in the latest release (9.14.0) of the project. The CVSS score for this vulnerability is 9.3, indicating a critical severity.
- Vendor: Responsive FileManager
- Product: Responsive FileManager
- CVSS: CRITICAL 9.3
- CISA KEV: Not listed in stored evidence
- Original CVE published: 2026-06-15
- Original CVE updated: 2026-06-15
- Advisory published: 2026-06-15
- Advisory updated: 2026-06-15
Who should care
Administrators and users of Responsive FileManager, especially those using version 9.14.0, should be aware of this vulnerability and take immediate action to mitigate the risk.
Technical summary
The vulnerability is caused by an unrestricted file upload feature in the dialog.php endpoint of Responsive FileManager. This allows an attacker to upload malicious files, potentially leading to RCE.
Defensive priority
High
Recommended defensive actions
- Upgrade to a maintained version of Responsive FileManager, if available.
- Implement proper file upload restrictions and validation.
- Monitor for suspicious activity and potential exploitation attempts.
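For the monitoring action above, an added example (not from the advisory or the Responsive FileManager project): a log triage pass that flags uploads through dialog.php and successful requests for server-interpreted files in the upload directory. The combined log format, the use of POST for uploads, and the /uploads/ path are assumptions to adjust per deployment.

```python
import re

# Assumptions (not from the advisory): combined-format access logs, uploads
# sent as POST, and uploaded files served from a path containing UPLOAD_DIR.
UPLOAD_DIR = "/uploads/"  # hypothetical; set to your configured upload path
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)
UPLOAD_ENDPOINT = re.compile(r'/dialog\.php(?:\?|$)', re.I)
# Extensions PHP handlers commonly interpret, also as a non-final segment
# (e.g. name.php.jpg), which some server configurations still execute.
SCRIPT_EXT = re.compile(r'\.(?:php\d?|phtml|phar)(?=$|[?/.])', re.I)


def triage(lines):
    """Return (ip, finding, path) tuples for requests worth investigating."""
    posted = set()  # clients with a successful POST to dialog.php
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, method, path = m["ip"], m["method"], m["path"]
        status = int(m["status"])
        if method == "POST" and UPLOAD_ENDPOINT.search(path) and 200 <= status < 300:
            posted.add(ip)
            findings.append((ip, "post-to-dialog", path))
        elif UPLOAD_DIR in path and SCRIPT_EXT.search(path) and status == 200:
            # A 200 for a script in the upload directory means it exists and was served.
            kind = "upload-then-execute" if ip in posted else "script-in-upload-dir"
            findings.append((ip, kind, path))
    return findings


# Constructed sample log lines (documentation address ranges), not real traffic.
SAMPLE = [
    '203.0.113.7 - - [15/Jun/2026:12:20:01 +0000] "POST /filemanager/dialog.php HTTP/1.1" 200 512 "-" "curl/8.0"',
    '203.0.113.7 - - [15/Jun/2026:12:20:05 +0000] "GET /uploads/a1.php HTTP/1.1" 200 20 "-" "curl/8.0"',
    '198.51.100.4 - - [15/Jun/2026:12:21:00 +0000] "GET /uploads/photo.jpg HTTP/1.1" 200 48211 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jun/2026:12:22:00 +0000] "GET /uploads/old.phtml HTTP/1.1" 200 10 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [15/Jun/2026:12:22:30 +0000] "GET /uploads/x.php HTTP/1.1" 404 10 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(*finding)
```

An "upload-then-execute" finding ties the upload and the script request to the same client address; "script-in-upload-dir" covers files that were placed earlier or requested from a different address.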
Evidence notes
The vulnerability was reported by [email protected] and is referenced in the CVE record. For more information, see resourceLinkAnnotations with id 'ref-4' and 'ref-5'.
Official resources
CVE-2026-5482 was published on 2026-06-15T12:16:25.947Z and has not been modified since then.